CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27347 – G DATA Total Security Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-23-379 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31466 – TOCTOU Vulnerability in Quick Heal Total Security
https://notcve.org/view.php?id=CVE-2022-31466
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink. La vulnerabilidad Tiempo de comprobación - Tiempo de uso (TOCTOU) en Quick Heal Total Security anterior a la versión 12.1.1.27 permite a un atacante local conseguir una escalada de privilegios, que puede llevar a la eliminación de archivos del sistema. Esto se consigue aprovechando el tiempo que transcurre entre la detección de un archivo como malicioso y el momento en que se realiza la acción de ponerlo en cuarentena o limpiarlo, y utilizando ese tiempo para sustituir el archivo malicioso por un enlace simbólico • https://softwaresec001.wordpress.com/2022/05/13/privilege-escalation-vulnerability-in-quick-heal-total-security • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-31467 – DLL Hijacking Vulnerability in Quick Heal Total Security
https://notcve.org/view.php?id=CVE-2022-31467
A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. Una vulnerabilidad de secuestro de DLL en el instalador de Quick Heal Total Security anterior a la versión 12.1.1.27 permite a un atacante local conseguir una escalada de privilegios, lo que lleva a la ejecución de código arbitrario, a través de que el instalador no restringe la ruta de búsqueda de las DLL necesarias y no verifica la firma de las DLL que intenta cargar • https://softwaresec001.wordpress.com/2022/05/13/dll-hijack-vulnerability-fixed-in-quick-heal-total-security • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27534
https://notcve.org/view.php?id=CVE-2022-27534
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases lanzados antes del 12 de marzo de 2022, tenían un error en un módulo de análisis de datos que potencialmente permitía a un atacante ejecutar código arbitrario. La corrección fue realizada de forma automática. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27223
https://notcve.org/view.php?id=CVE-2021-27223
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS Se presentaba un problema de denegación de servicio en uno de los módulos incorporados en los productos Kaspersky Anti-Virus for home y Kaspersky Endpoint Security. Un usuario local podía causar el bloqueo de Windows al ejecutar un módulo binario especialmente diseñado. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#310322_1 •